Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-41445 PoC — Teachers Record Management System 跨站脚本漏洞

Source
https://github.com/RashidKhanPathan/CVE-2022-41445
Associated Vulnerability
Title:Teachers Record Management System 跨站脚本漏洞 (CVE-2022-41445)
Description:Teachers Record Management System是开源的一个教师记录管理系统。 Teachers Record Management System 1.0版本存在安全漏洞,该漏洞源于存在跨站脚本(XSS),允许攻击者通过注入到Add Subject页面的精心设计的有效载荷执行任意Web脚本或HTML。
Description
Cross Site Scripting in Teacher's Record Management System using CodeIgnitor
Readme
# CVE-2022-41445
Cross Site Scripting in Teacher's Record Management System using CodeIgnitor

> [Suggested description]
> A cross-site scripting (XSS) vulnerability in Record Management System
> using CodeIgniter 1.0 allows attackers to execute arbitrary web scripts
> or HTML via a crafted payload injected into the Add Subject page.
>
> ------------------------------------------
>
> [Additional Information]
> Proof Of Concept: https://phpgurukul.com/teachers-record-management-system-using-codeigniter/
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Phpgurukul
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Teachers Record Management System using CodeIgniter - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> Source Code
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> to Exploit the Vulnerability Attacker need to Login With Admin Account First and then attacker need to goto Add Subject Page then in Add Subject Page Attacker need to Add the Arbitrary JavaScript Payload then Click Submit once subject added successfully, now Login with Teacher Account and Goto User Details then Profile View, once you will visit the Profile View the Payload will Execute
>
> ------------------------------------------
>
> [Reference]
> https://phpgurukul.com/teachers-record-management-system-using-codeigniter/
> https://drive.google.com/file/d/18OjJQA2-8-Hdt0HTMwp4aL_Mp_WuffvL/view?usp=sharing
>
> ------------------------------------------
>
> [Discoverer]
> RashidKhan Pathan

Use CVE-2022-41445.
File Snapshot

 [4.0K]  /data/pocs/678f839cd55d122d6a09c17a041363d4636e4d81
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.